Attributes and Attribute Mapping

Attributes hold descriptive information about a user entry. Every attribute
has a label and one or more values, and follows a standard syntax for the
type of information that can be stored as the attribute value.

Attribute Types

Significant attributes. Synchronized
between Directory Server and Windows directories whenever the attributes are modified,
according to specified modification synchronization settings.

Creation attributes. Synchronized
between Directory Server and Windows directories whenever a new user is created,
according to specified object creation synchronization settings.

Mandatory creation attributes are attributes that are considered “mandatory”
to successfully complete a creation action in the target directory. For example, Active
Directory expects that both cn and samaccountname have
valid values upon creation. On the Directory Server side, if you configure
inetorgperson as the user object class, Identity Synchronization for Windows
expects cn and sn as mandatory attributes for a creation.

A creation attribute default updates the target directory creation attribute
with a default value only when there is no value in the
attribute propagated from the originating directory. (Creation attribute defaults
can be based on other attribute values. See Parameterized Attribute Default Values.)

Note –

Significant attributes are automatically synchronized as creation
attributes but not the other way around. Creation attributes are only synchronized
during user creations.

Parameterized Attribute Default Values

Identity Synchronization for Windows allows you to create parameterized default
values for creation attributes using other creation or significant attributes.

To create a parameterized default attribute value, you embed an existing
creation or significant attribute name, preceded and followed by percent symbols
(%attribute_name%),
in an expression string. For example, homedir=/home/%uid% or
cn=%givenName%. %sn%.

When you create these attribute default values, follow these guidelines:

You can use multiple attributes in a creation expression (cn=%givenName% %sn%), but the attributes in %attribute_name% must have single values.

If A=0, B can have one
default value only.

You can use the backslash symbol (\) for
quoting (for example, diskUsage=0\%).

Do not use expressions that have cyclic substitution conditions
(for example, sn=%uid% and uid=%sn%).
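
The following added example, which is not code from Identity Synchronization for Windows, shows one way to check a set of default expressions against the guidelines above before you configure them: it expands %attribute_name% references, honors backslash quoting, rejects references to attributes that do not have exactly one value, and detects cyclic substitutions. The function names, the case-insensitive matching of attribute names, and the choice to leave an unquoted lone percent sign as a literal are assumptions of this sketch.

```python
import re

# A backslash-quoted character, or a %attribute_name% reference.
_TOKEN = re.compile(r"\\(.)|%([^%\\]+)%")

def references(expr):
    """Attribute names referenced as %name%; a backslash-quoted % is skipped."""
    return [m.group(2).lower() for m in _TOKEN.finditer(expr) if m.group(2)]

def find_cycle(defaults):
    """Return the attribute names forming a cyclic substitution, or None."""
    graph = {attr.lower(): references(expr) for attr, expr in defaults.items()}
    done = set()
    def visit(node, path):
        if node in path:                      # back on the current chain
            return path[path.index(node):] + [node]
        if node in done:
            return None
        for ref in graph.get(node, []):
            cycle = visit(ref, path + [node])
            if cycle:
                return cycle
        done.add(node)
        return None

    for attr in graph:
        cycle = visit(attr, [])
        if cycle:
            return cycle
    return None

def expand(expr, entry):
    """Expand one default expression against entry = {attribute: [values]}."""
    values = {k.lower(): v for k, v in entry.items()}

    def substitute(match):
        if match.group(1) is not None:        # quoted character stays literal
            return match.group(1)
        name = match.group(2)
        found = values.get(name.lower(), [])
        if len(found) != 1:                   # guideline: single values only
            raise ValueError(f"%{name}% has {len(found)} values, need exactly 1")
        return found[0]

    return _TOKEN.sub(substitute, expr)

# Constructed sample data, not taken from a real deployment.
DEFAULTS = {"homedir": "/home/%uid%", "cn": "%givenName% %sn%", "diskUsage": "0\\%"}
ENTRY = {"uid": ["jdoe"], "givenName": ["Jane"], "sn": ["Doe"]}
```
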

Mapping Attributes

After you define the attributes to synchronize, map the attribute names
between the Directory Server and Active Directory/Windows NT systems to synchronize
them to each other. For example, you must map the Sun inetorgperson attribute
to the Active Directory user attribute.

You use attribute maps for both significant and creation attributes,
and you must configure attribute maps for all “mandatory creation attributes”
in each directory type.